Mercurial Mercurial > repos > enano-1.0 / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SECURITY: Enforce denied history_view on previous revisions
authorDan
Sun, 18 Jan 2009 18:09:55 -0500
changeset 322 44b68ee8d2f5
parent 321 5ae3a82c15f1
child 323 58fa63f7f23b
SECURITY: Enforce denied history_view on previous revisions
includes/pageprocess.php file | annotate | diff | comparison | revisions 
--- a/includes/pageprocess.php	Sun Jan 18 18:09:08 2009 -0500
+++ b/includes/pageprocess.php	Sun Jan 18 18:09:55 2009 -0500
@@ -165,6 +165,11 @@
       $this->err_access_denied();
       return false;
     }
+    if ( $this->revision_id > 0 && !$this->perms->get_permissions('history_view') )
+    {
+      $this->err_access_denied();
+      return false;
+    }
     $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
     $strict_no_headers = false;
     if ( isset($paths->pages[$pathskey]) )
Enano CMS (1.0.x)